Solved: Testing IPS modules on ASA 5505

Christopher Clark · ‎04-19-2012

How do you all test the IPS traffic on the AIP-SSC5 in a 5505, since the default signatures are retired and you can't unretire them, one cannot enable the signatures 2000-2012 on the 5505.

Karsten Iwen · ‎03-13-2014

Look at the web-signatures. There are a couple of them that shoudn't be retired. For example attacks like directory-traversal or access of cmd.exe. These can be easily tested in a browser or with a vulnerability scanner like nessus.

View solution in original post

Saurav Lodh · ‎03-12-2014

Differences Between the Modules

The IPS module for the ASA 5510 and higher supports higher performance requirements, while the IPS module for the ASA 5505 is designed for a small office installation. The following features are supported for the ASA 5510 and higher, and not for the ASA 5505:

•Virtual sensors

•Anomaly detection

•Unretirement of default retired signatures

Karsten Iwen · ‎03-13-2014

Look at the web-signatures. There are a couple of them that shoudn't be retired. For example attacks like directory-traversal or access of cmd.exe. These can be easily tested in a browser or with a vulnerability scanner like nessus.